dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
10
share rss forum feed


chachazz
Premium
join:2003-12-14
kudos:9
Reviews:
·TELUS
reply to StuartMW

Re: Java is still exploitable and is likely going to remain so.

Mozilla has blocked all versions of Java:

Mozilla Security Blog - Protecting Users Against Java Vulnerability
»blog.mozilla.org/security/2013/0···ability/

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Mozilla has not blocked Java. I don't see any block when I go to, for instance, »web100.rit.edu:7123/ to do a speed test. Java itself first gives me a popup security warning and I have to tell Java that I wish to allow the applet at this site to load. Then and only then does it load. But that is not Mozilla's doing. That is because of how I set the security slider in the latest Java panel.

I had those Mozilla blocks on XP because I had an old version of Java there until recently and I don't get those on Win8 with the latest Java on Fx 10.0.10 ESR.

Maybe Mozilla has only blocked it for those who have not put the security slider high? Or those who have earlier versions of Java with no security slider?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


therube

join:2004-11-11
Randallstown, MD
Check the file blocklist.xml (in your Profile directory) & see what that shows.

(SeaMonkey's version is NOT blocking Java, where FF's is.)


kickass69

join:2002-06-03
Lake Hopatcong, NJ
reply to chachazz
Better question is...is Firefox phoning home to Mozilla all the time like Chrome does with Google? I mean how else are they able to control the Click to Play feature and determine what's 'bad' for us to run and what's not.


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to Mele20
said by Mele20:

Mozilla has not blocked Java.

They blocked it on the newest, current version of Fx. 18.0.



--
The Alien in the White House

20,196 DEADLY TERROR ATTACKS SINCE 9/11


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to therube
said by therube:

Check the file blocklist.xml (in your Profile directory) & see what that shows.

(SeaMonkey's version is NOT blocking Java, where FF's is.)

I see a bunch of Java related items in that file.
--
The Alien in the White House

20,196 DEADLY TERROR ATTACKS SINCE 9/11

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to therube
What should I use to read that file? It's hard to read in Notepad or Wordpad. But I don't see anything in it about Java...but being so hard to read I could have a missed an entry.

What does this statement from Moziilla mean?

"Always activate Java for a site

If you have a trusted site that uses Java and you need to use that site often, you can make Java work normally on just that website.

Click the red plugin icon in the address bar and a message window will open.
At the bottom of the message window, click the Activate All Plugins dropdown menu and choose Always activate plugins for this site."

»support.mozilla.org/en-US/kb/how···r-a-site

I don't see a red plug in the address bar on a site that uses a Java applet. In fact, I usually see nothing but an address. I frequently don't get the site icons or even sometimes secure icons, etc. I haven't since Mozilla messed with all that quite awhile ago. And this is true on my NEW computer also. I usually just get a strange round gray ball instead of an icon. The install of Fx 10 is only two months old. Plus, I updated Fx yesterday to 10.0.12. I suppose the red plugin icon in the address bar must not apply to version 10.0.12 ESR.

I still think the way to go is to set the Java slider HIGH and I think because I did that is why Mozilla is not blocking my Java. The function is quite similar to what Mozilla describes for how to always activate a plugin on a trusted site. You can do that in Java itself now. Did Mozilla fail to notice these latest changes in Java?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to La Luna
said by La Luna:

said by Mele20:

Mozilla has not blocked Java.

They blocked it on the newest, current version of Fx. 18.0.

[att=1]

That's an old version. Do you have the current version?
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
Not sure what you mean. 18.0 is the newest version of Firefox, which is what I have. Just updated to it on Friday.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
I'm sorry....I wasn't clear at all. I meant your Java version. It's not the latest (judging from your screenshot...which could be an older screenshot and not reflective of your current Java version). Is that screenshot from your computer or a Mozilla webpage? Whatever, it is showing an older version of Java. (I had thought perhaps Java was blocked for you because the version in your screenshot is not the latest), but since then I read the Mozilla forum and learned Mozilla has been very inconsistent in that they are blocking on CURRENT versions of Fx but NOT blocking on 10.0.12 ESR which is a CURRENTLY SUPPORTED VERSION. It's supported until the middle of Feb and I am still using it because I had enough on my plate dealing with Win 8 and didn't need a major browser upgrade at the same time. So, now I realize that the reason it is not blocked for me is because of Mozilla's inconsistency.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


MarkAW
Barry White
Premium
join:2001-08-27
Canada
kudos:16
reply to Mele20
said by Mele20:

said by La Luna:

said by Mele20:

Mozilla has not blocked Java.

They blocked it on the newest, current version of Fx. 18.0.

That's an old version. Do you have the current version?

Current enough for you?


--
We never really grow up, we only learn how to act in public.
Do not argue with an idiot. He will drag you down to his level and beat you with experience. (Hmm)
I have enemies? Good. That means I've stood up for something, sometime in my life.

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
Click for full size
Yeah...that's the version I have. But I don't have that warning. Mozilla forgot that 10.0.12 is still currently supported.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to Mele20
Yes, that is from my computer. I didn't update that last Java update as it still wasn't secure. I just disabled it entirely. I find I so far don't need it anyway.

Sorry for the confusion on my end.


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1
reply to Mele20
The warning only appears in Firefox 17 and above.

Hopefully we'll see a new Java update soon. I thought it laughable when Oracle announced they were only going to release updates every three months. That was an open invitation to the black hat community:

"We're going to do updates on a pre-set schedule so we can reduce costs and make our CEO and shareholders more money, even at the expense of our product's security. Feel free to exploit our product in between our scheduled updates."

I expected something like this to happen.


La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

1 recommendation

New update is out, v7u11.

»JAVA 7u11 now available for download

SafireDonkey
Premium
join:2006-10-29
89000

1 recommendation

Ah, even more wide open holes !


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

1 recommendation

reply to La Luna
Thanks. Just installed that and made plans for emergency deployment at work tomorrow and for my private business customers this evening.